[strongSwan-dev] [PATCH] XAUTH username im updown environment

Andreas Steffen andreas.steffen at strongswan.org
Tue Jun 8 11:53:54 CEST 2010


Hello Heiko,

can you tell me where this hunk is supposed to fit in?

@@ -4947,6 +4957,17 @@ static stf_status quick_inI1_outR1_tail(struct 
verify_oppo_bundle *b,
  						p->spd.that.client = c->spd.that.client;
  						p->spd.that.has_client = TRUE;
  					}
+
+					identification_t *xauth_id = c->xauth_identity;
+					if (c->policy & (POLICY_XAUTH_RSASIG | POLICY_XAUTH_PSK) &&
+						xauth_id)
+					{
+						DBG(DBG_CONTROL,
+							DBG_log("inheriting XAUTH identity %Y", xauth_id)
+						)
+						DESTROY_IF(p->xauth_identity);
+						p->xauth_identity = xauth_id->clone(xauth_id);
+					}
  				}
  			}
  #ifdef DEBUG

The strongSwan master shows:

static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b,
										struct adns_continuation *ac)
{
	struct msg_digest *md = b->md;
	struct state *const p1st = md->st;
	connection_t *c = p1st->st_connection;
	struct payload_digest *const id_pd = md->chain[ISAKMP_NEXT_ID];
	ip_subnet *our_net = &b->my.net
		, *his_net = &b->his.net;

	u_char      /* set by START_HASH_PAYLOAD: */
		*r_hashval,     /* where in reply to jam hash value */
		*r_hash_start;  /* from where to start hashing */

	/* Now that we have identities of client subnets, we must look for
	 * a suitable connection (our current one only matches for hosts).
	 */
	{
		connection_t *p = find_client_connection(c
			, our_net, his_net, b->my.proto, b->my.port, b->his.proto, b->his.port);

Regards

Andreas

On 06/08/2010 09:31 AM, Heiko Hund wrote:
> On Tuesday 08 June 2010 08:50:31 Heiko Hund wrote:
>> dieser Patch fuegt den XAUTH usernamen als Umgebungsvariable fuer das
>> updown Skript hinzu. Könnte auch fÌr die Allgemeinheit interessant sein
>> und wuerde gut zum 4.4.1 changset passen. Wurde mich freuen wenn er
>> aufgenommen wird.
>
> Oops, this wasn't supposed to go to this list. Anyway, here's the translation
> for all non German speakers:
>
>    This patch adds the XAUTH username to the updown script environment. Is
>    could be interesting for the general public and would fit well into the
>    4.4.1 changeset. Would be happy if you accept it.
>
> Cheers
> Heiko

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Dev mailing list